Scope Identification: Define the systems and networks within your PCI DSS environment.

​

Select an ASV Vendor: Choose an Approved Scanning Vendor meeting your scanning needs.

Schedule Scans: Arrange quarterly scans with the ASV to assess vulnerabilities.

​

Prepare and Inform: Notify stakeholders, prepare documentation, and inform relevant parties about the upcoming scans.

Scan Execution: The ASV conducts external vulnerability scans using approved tools and methods.

​

Analysis and Reporting: Receive a detailed report outlining identified vulnerabilities and recommended actions.

Remediation: Address vulnerabilities within specified timeframes according to their severity.

​

Rescan (if needed): Conduct a follow-up scan after addressing significant vulnerabilities.

​

Document and Maintain Records: Keep thorough documentation of scans, reports, and remediation actions.

Repeat Scanning: Regularly schedule and conduct quarterly ASV scans to uphold PCI DSS compliance and enhance security measures.